🏊 Les JO commencent dans moins de 20 jours… à quelles menaces cyber faut-il s’attendre, et comment s'y préparer ? 📺 Retrouvez les explications de François Deruty et Guillaume Tissier dans l’émission #SmartTech de Delphine Sabattier sur B SMART Pour visionner le replay 👉 https://lnkd.in/euKD8b69 Florence Devillers #JO2024 #Paris2024 #cybersecurite
Post de Sekoia.io
Plus de posts pertinents
-
🚨 Sekoia supports police-led desinfection campaign against #PlugX worm Following a report from Sekoia.io, a disinfection operation was launched by the French judicial authorities to dismantle the botnet controlled by the PlugX worm. PlugX affected several million victims worldwide. ⚙️ A disinfection solution developed by the Sekoia.io TDR team was proposed via Europol to partner countries and is being deployed at this time. 🤝 We are pleased with the fruitful cooperation with the actors involved in France (section J3 of the Paris Public Prosecutor's Office Parquet de Paris, C3N, Unité nationale cyber de la Gendarmerie nationale • UNCyber and ANSSI - Agence nationale de la sécurité des systèmes d'information) and internationally (Europol and police forces of third countries) to take action against long-lasting malicious cyber activities. Congrats to Sekoia TDR threat intelligence François Deruty, Félix Aimé, Charles Meslay! 📝 Time to re-read our publication about PlugX! Link in comment 👇
CYBERCRIMINALITE (J3) - DEMANTELEMENT DU BOTNET PLUGX - COMMUNIQUE DE PRESSE A l'ouverture des Jeux Olympiques et Paralympiques Paris 2024 - Comité d'organisation des Jeux Olympiques et Paralympiques de 2024 - tous les acteurs de la cybersécurité sont particulièrement vigilants. Sur signalement de la société Sekoia.io, la section J3 du Parquet de Paris a ouvert une enquête préliminaire confiée au C3N (centre de lutte contre les criminalités numériques de la gendarmerie nationale, Commandement du ministère de l’Intérieur dans le cyberespace (COMCYBER-MI) ) concernant un réseau de machines zombies (botnet) comptant plusieurs millions de victimes dans le monde, dont plusieurs milliers en France. Ce botnet a été utilisé notamment à des fins d'espionnage. La solution de désinfection a été proposée via Europol à nos pays partenaires, qui bénéficient également de cette opération internationale en cours. Retrouvez le communiqué de presse ci-dessous ⤵ Explication technique et une liste d’indicateurs de compromission sur le blog de Sekoia.io : https://lnkd.in/dH5pFFid Est rappelée l’importance des mesures de sécurité informatique du quotidien, notamment l’utilisation d’un logiciel antivirus maintenu à jour, et la vigilance sur l'utilisation des clés USB et des liens inconnus. En cas de doute, consultez Cybermalveillance.gouv.fr Le parquet se réjouit du succès de cette opération, et salue la fluidité de la coopération avec la société Sekoia, les enquêteurs de la Gendarmerie Nationale, l'ANSSI - Agence nationale de la sécurité des systèmes d'information, ainsi qu’avec de nombreuses autorités étrangères par le biais de l’agence Europol. À la veille de l’ouverture des Jeux olympiques, cette opération démontre la vigilance des différents acteurs, en France et à l’étranger, mobilisés pour lutter contre toutes les formes de cybercriminalité, y compris les plus sophistiquées.
-
📝 In our latest blogpost, we dive deep into addressing detection gaps in AWS environments using Mitigant Cloud Attack Emulation and the Sekoia SOC Platform🛡️ ⚙️ We illustrate this with a real-life scenario emulating the Scattered Spider threat actor, showcasing the power of a combined approach in defending against malicious actors 🎯 💡For #CTIanalysts, #CybersecurityEngineers, #SOCManagers, and #RSSI professionals, this is a must-read to stay ahead of threats lurking in your AWS infrastructure. 👉 Read the full article to learn more: https://lnkd.in/gUD4NY9T #AWS #ThreatDetection #SOCPlatform #ThreatIntelligence #XDR #AdversaryEmulation
Emulating and Detecting Scattered Spider-like Attacks
blog.sekoia.io
-
🚀 Ready for the Future of Workflow Management? Sekoia.io introduces Meta-Playbooks: A single playbook for multiple communities that guarantees unmatched efficiency. Meta-Playbooks address common issues like manual duplication efforts and inefficient playbook management and diagnosis. 💡 Key capabilities include: ‣ Multi-community playbook management ‣ Enhanced workflow monitoring across all your communities ‣ New diagnosis capabilities to simplify troubleshooting Discover how Meta-Playbooks can transform your workflow https://lnkd.in/ec4ihpVg #WorkflowManagement #Efficiency #Innovation #SOCplatfom
-
🚨 Have you heard of the Quad7 (7777) Botnet? This is a botnet known in open source for deploying Socks5 proxies on compromised devices. 🏹 Its main purpose? To conduct extremely slow brute force attacks on Microsoft 365 accounts globally. With scarce documentation available on this mysterious botnet, which also targets our customers, our CTI analysts took it upon themselves to dig deeper. 🕵️♂️🕵️♀️ 🔍 Key findings so far: ‣ The botnet resides on compromised TP-Link routers around the world. ‣ These routers are used for password spraying attacks on Microsoft 365 accounts. ‣ The attack pattern suggests a potential long-term business email compromise threat, rather than involvement from an APT actor. 💡Despite our findings, several mysteries remain about the specific exploits used to compromise the routers, the attribution of this cluster of activity to a particular threat actor and other things you can check out on our blog: https://lnkd.in/erBsej76 #Quad7Botnet #7777Botnet #ThreatIntelligence #Cybersecurity #Microsoft365
Solving the 7777 Botnet enigma: A cybersecurity quest
blog.sekoia.io
-
🧩 This week, we focus on Sekoia.io x Claroty xDome integration [EN](FR below) 🤖 Sekoia.io SOC platform is built on an Open XDR architecture which leverages your security components to drastically improve your detection and response capabilities, thanks to the integrated #SIEM and #SOAR features that rely on many detection functionalities: ☑ Real time CTI/Correlation/UEBA detection engines ☑ More than 7M structured and contextualized IoCs ☑ Over 900 built-in verified detections rules, etc. 📄🛡️ The Sekoia.io integrations catalog already includes more than 200 of the most important security solutions on the market (Endpoint, Cloud, IAM, Mail, Network etc.), in particular the Claroty xDome solution one whose documentation you can find here: https://lnkd.in/eagvTsMh ================== 🧩 Cette semaine, focus sur l’intégration Sekoia.io x Claroty xDome integration 🤖 La plateforme #SOC Sekoia.io est battie sur une architecture Open XDR qui tire profit de vos composants de sécurité afin d’améliorer vos capacités de détection et de réponse et ce grâce aux fonctions intégrées de SIEM et de SOAR qui s’appuient en particulier sur : ☑ Plusieurs moteurs de détection (#CTI/Correlation/UEBA) temps réel ☑ Plus de 7 millions d’IoCs structurés et contextualisés ☑ Plus de 900 règles de détection vérifiées 📄 🛡️ Le catalogue des intégrations de Sekoia.io comprend déjà plus de 200 solutions de sécurité du marché (Endpoint, Cloud, IAM, Mail, Réseau etc.), et en particulier la solution Claroty xDome dont vous trouverez la documentation ici 👇 https://lnkd.in/eagvTsMh
-
-
🚨 A recent campaign related to the #MuddyWater intrusion set, suspected to be operated by the Iranian intelligence service, has been uncovered targeting Western and Middle Eastern entities. 🔎 By examining their new infection techniques and attack infrastructure, we observed that MuddyWater changed their infection chain and now use a new malware implant dubbed "MuddyRot" by Sekoia TDR analysts. It replaces the previously used Atera RRM tool as a validator. 💡 Dive into our technical analysis of the “MuddyRot” malware and discover past and current infection chains associated with MuddyWater in this report: https://lnkd.in/esBkxZCx #Cybersecurity #ThreatIntelligence #CTI #Iran #MuddyWater
MuddyWater replaces Atera by custom MuddyRot implant in a recent campaign
blog.sekoia.io
-
✨ Our partners speak best! ✨ How Monaco Cyber Sécurité Ensures Data Residency Compliance with Sekoia.io 🔍 In our latest case study, we explore how Monaco Cyber Sécurité, leading MSSP in Monaco and beyond, achieves data residency compliance using Sekoia.io. Key highlights: - Deploying instances in Monaco with guaranteed data residency 💭 - Enhanced security posture and minimized false positives 🛡️ - Flexibility, scalability, training, and support 🤝 Read the full story to learn more! Link in comment 👇 Sébastien Massé #CyberSecurity #DataResidency #MSSP #SOCplatform #Monaco
